Saturday, April 11, 2015

Allow only specific users to have multiple RDP sessions on 2008 R2 (without AD DS)




I'm currently an intern at a service that forecasts rising water levels in the rivers of an entire French region. I apologise in advance for my English; I'm still improving it.



The network infrastructure of the service is as follows:
Everybody works on thin clients, connecting to application servers (running 2008 R2) via RDP. These servers aren't all integrated in a domain (Well... They COULD be in one, since they have a Samba4 DS running in a corner, but my boss had a little issue trying to add all the servers to the Samba domain. It's not my task to resolve this, so screw this) nor in a server farm managed by a connection broker.



I was asked to find a way to let only some users on each server have multiple RDP connections, with the others being allowed only one RDP session, which is a little hard without the GPO management tools of AD DS.
On top of that, I'm looking for tools to send a popup to the connected sessions of the mono-session users asking if they still have work to do when some other guy tries to connect to the same session. If they're still working in this session, they click on 'Yes' and the poor dude who was attempting to connect is rejected. If they don't answer in like 30 seconds or click on 'No', then the new user takes over the session.



After a week of pointless research involving bad scripting and a misunderstanding of what the Connection Broker service was, I turn to you to ask for help.




EDIT: I forgot to specify that the thin clients run on XP Embedded, which limits the client-side scripting (if there is any) to PowerShell 2.0, which I was thinking of using to do most of the work.


Answer



So, since I can't specify for each user to have only one session or multiple sessions, they'll have to continue to deal with 2 servers executing the same apps, 1 having multi-session users, the other having mono-session users.



To control the RDP connections, I think I'll write a small piece of software (a basic remote desktop manager) which will send the desired popup to the active sessions when someone tries to take one over, before establishing the connection.



I'll have to ask my coworkers to use this software to connect to the mono-session servers instead of the RD manager we're currently using.



Anyway, thanks for your answer HopelessN00b.
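
The prompt-before-takeover step described in the answer above, as an added example that is not code from the original post: it calls the Win32 `WTSSendMessage` API from PowerShell 2.0 via `Add-Type` to show a Yes/No box in the existing session with a 30-second timeout. The function name `Test-SessionStillInUse`, the server name and the session id are hypothetical, and it assumes the calling account is allowed to send messages to sessions on the target server.

```powershell
# Added example: P/Invoke declarations for wtsapi32.dll (works in PowerShell 2.0).
Add-Type -Namespace Wts -Name Native -MemberDefinition @'
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode)]
public static extern IntPtr WTSOpenServer(string pServerName);

[DllImport("wtsapi32.dll")]
public static extern void WTSCloseServer(IntPtr hServer);

[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode)]
public static extern bool WTSSendMessage(IntPtr hServer, int SessionId,
    string pTitle, int TitleLength, string pMessage, int MessageLength,
    int Style, int Timeout, out int pResponse, bool bWait);
'@

# Returns $true only if the session's user clicked Yes (still working).
# No, a timeout, or any other response returns $false.
function Test-SessionStillInUse {
    param(
        [string]$Server,              # hypothetical server name
        [int]$SessionId,              # session id as listed by `quser /server:<name>`
        [int]$TimeoutSeconds = 30
    )
    $title = 'Session takeover request'
    $text  = 'Another user wants to connect to this session. Are you still working?'
    $MB_YESNO = 0x4; $MB_ICONQUESTION = 0x20; $IDYES = 6

    $handle = [Wts.Native]::WTSOpenServer($Server)
    try {
        $response = 0
        # Title and message lengths are byte counts; Unicode strings use 2 bytes per char.
        $ok = [Wts.Native]::WTSSendMessage($handle, $SessionId,
            $title, $title.Length * 2, $text, $text.Length * 2,
            ($MB_YESNO -bor $MB_ICONQUESTION), $TimeoutSeconds, [ref]$response, $true)
        if (-not $ok) {
            throw "WTSSendMessage failed for session $SessionId on $Server"
        }
        return ($response -eq $IDYES)
    }
    finally {
        [Wts.Native]::WTSCloseServer($handle)
    }
}

# Constructed usage: refuse the new connection if the current user answers Yes.
# if (Test-SessionStillInUse -Server 'APPSRV01' -SessionId 2) { 'Rejected' } else { 'Proceed' }
```

The check is advisory rather than an access control: it only applies to connections started through the launcher that calls it, so a connection made with the stock RDP client is not prompted.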

